Supply chain security is becoming one of the most important items on the agenda of many organizations. This may be due to regulatory requirements, as is the case for financial institutions, imposed by both the European Central Bank (ECB) and the European Banking Authority (EBA), or to a growing awareness of the impact that the supply chain has on the business itself. This awareness has a lot to do with the application of the European General Data Protection Regulation, which explicitly obliges controllers to ensure that the third parties to whom they subcontract the processing of the data in their possession comply with the security measures that the controllers should demand of them.
In fact, though, the concern for the supply chain extends beyond personal data, since from that chain also ...
In the first months of 2018 there has been some news related to the National Security Scheme (ENS), the mandatory compliance framework for IT security in the public administration.
In February, LEET Security was accredited as a certification entity in accordance with the ENS, and in April the resolutions approving two new Technical Security Instructions were published in the Official Government Bulletin. Their objective is to properly develop the implementation of the requirements and measures included in the ENS (Royal Decree 3/2010).
First, the resolution of March 27, 2018 approves the Technical Security Instruction for Information Systems Security Audit (BOE-A-2018-4573). Second, the resolution of April 13, 2018 approves the Technical Security Instruction for Security Incidents Notification (BOE-A-2018-5370).
The purpose of the Audit Security Technical Instruction is to establish the conditions for carrying out the ...
Spanish digital services multinational Stratesys has obtained the Cybersecurity rating from LEET Security, which credits its effectiveness and quality in the development, support and maintenance of applications on the virtual environment of its clients. This certification shows the effective application by the consulting company of a high control framework and security measures in the three evaluated dimensions: confidentiality, integrity and availability.
The rating recognizes not only Stratesys' operations in terms of security management but also endorses the level of robustness and rigor of the security measures with which it provides remote services for support and maintenance of applications.
In this sense, Andreas Makrandreou, partner-director of Stratesys, assures that "the recognition of LEET Security is a guarantee of reliability and excellence in all the processes of management and execution of projects and services that we are providing to our clients. In ...
Finally, it is here. For some time now, our clients and other entities interested in rating have been asking us for a simpler form, but keeping all the rigor incorporated within our methodology, to carry out the evaluation of their cybersecurity levels online.
And this is what we have done, incorporating all the controls and algorithms used in the qualification, within the E-Qualify tool, to carry out the analysis in a self-assessment format.
E-Qualify contains the complete rating framework, which allows the assessment of all aspects related to security in the provision of its services, covered in the 14 domains and 76 sections of the methodology, to provide the result based on the answers provided during the process. The evaluation report includes not only the global score, in the three dimensions of Confidentiality, Integrity ...
Last April 27, LEET Security participated in the Club de la Excelencia en Gestión section of the program Pulso Empresarial, with Antonio Ramos appearing together with Miquel Romero i Grané, Members and Knowledge Director, to present the results of the study 'Corporations and Cybersecurity'.
During the interview, we reviewed the most relevant results of this study, together with a short and clear explanation of the key points of security rating: What is security rating? What elements are assessed? What is the meaning of a rating? We also offered some reflections on the impact of the new privacy regulation (GDPR), on cybersecurity accountability in corporations and even on how rating could be incorporated into corporate compliance.
In this webinar organized by the Valencia Chapter of ISACA, we share the paper given by Antonio Ramos at the CSX2016 Europe event organized by ISACA in London last October. As stated in the title, we will address the options an organization has to know, understand and manage the cyber risk of its relationships with third parties, both providers and partners, for connected and non-connected services and, of course, taking into account the organization's risk appetite.
Last May 14, in connection with the recent incident on Friday known as WannaCry, Antonio Ramos, Founder Partner of LEET Security, was interviewed for the news on both the La 1 and Telecinco channels.
In the following links, we include reference to both media:
After Snowden, the media published a new case some days ago. Again, a Booz Allen Hamilton employee has been charged with theft of secrets. It is not yet clear whether he passed these documents on, whether he is a spy or whether he was simply storing that information.
Read more about this news in our journal "Information Security rating and labeling magazine" or at:
The New York Times, "N.S.A. Contractor Arrested in Possible New Theft of Secrets"
Schneier on Security, "NSA Contractor arrested for Stealing Classified Information"
HelpNetSecurity, "Why attaching security to each piece of data is critical"
The paper presented by LEET Security to the Iberoamerican Congress of ICT Governance and Advanced Management (gigaTIC16), "(Security) Vendor Risk Management: You cannot live without it", has been selected by the organizing committee of ISACA Barcelona and itSMF España at Catalonia. Therefore, next April 28th at the Telefónica Difital 00 Auditorium in Barcelona, we will have the opportunity to share how security rating can be used in vendor risk management processes.
In our presentation, we will analyze how the growing dependency on third parties, driven by trends like digital transformation or shadow IT, makes it necessary to analyze and manage the cybersecurity risk of those vendors. And, once you have to manage third-party risks, we will explore how security rating improves the effectiveness and efficiency of this process, allowing a high number of vendors to be managed with a very tight allocation of resources ...
Next March 18th, the European Commission is hosting a workshop on cloud security with the subtitle: "Building Trust in Cloud Services - Certification and Beyond". The workshop will be facilitated by the European Commission and will focus on the following issues:
In each session throughout the day, panels of experts in cloud computing will touch on their own experience to convey their perspective of these issues. Participants will be invited to actively discuss their own experience of these issues and together prioritise mechanisms to address them.
LEET Security ...
On December 30, 2015, Aiuken Solutions achieved the rating seal of its services under the assessment and labeling methodology by LEET Security.
Aiuken has addressed the rating of the services provided from its managed security center (SOC), consisting of "Managed Security Services" (which include data protection services, IT systems operation and threat management), "Web Application Firewall (WAF) services" and "Anti-DDoS services", obtaining in all of them the triple C C C rating, which demonstrates the effective implementation of a large framework of control and security measures in all three evaluated dimensions (CIA: confidentiality, integrity and availability).
The LEET Security rating evaluates not only operational practices according to an ISMP but also the level of robustness and rigor of the security measures implemented in the services and their resilience in case of an incident, providing Aiuken's customers with clear and transparent information on ...
INCIBE, an entity under the Ministry of Industry, Energy and Tourism, and LEET Security have signed a collaboration agreement to jointly develop a cybersecurity capability building model for industrial systems, applicable to strategic and critical infrastructures.
This model will be based on the methodology developed by LEET Security to build a labelling system that rates the effectiveness and maturity of the security measures implemented by providers in their ICT services. It will be adapted and evolved together with INCIBE to keep it aligned with international standards and good practices like NIST, ISA, ENISA, etc., as well as with LEET Security's own model, creating a rating system based on 5 levels, from E to A.
The model to be developed will also be aligned with the rest of the initiatives developed in the Security and Industry CERT (CERTSI_) dependent on INCIBE and ...
LEET Security has joined the "Smart City" Collaboration Agreement of Móstoles City Council with the project "Reliable and Cybersecure Smart City", which seeks to ensure that the technological services supporting the smart city projects started in the town are trustworthy.
This project will first develop a pilot phase with users of ICT services related to Móstoles City Council and associated entities, to evaluate and identify the cybersecurity requirements that should be added to those ICT services in order to provide confidence and privacy conditions for the information managed.
Second, special conditions will be offered to ICT service providers located in Móstoles for adhering to security rating and labelling services, so that Móstoles will become a pole of attraction for technological service providers that commit to transparency and cybersecurity, as they would become a reference at a European ...
Rural Servicios Informáticos (RSI), the entity that provides core banking services to Rural Groupo and other financial entities, has become the first organization to rate the security of the services it provides, gaining a B B A label according to the LEET Security rating system.
RSI has become the first organization to gain the security rating label offered by LEET Security.
RSI has undergone the rating of its 3 main services ('Services to Members', 'Services to Third Parties' and 'Internal Services'), obtaining in all of them the level B B A. This rating level shows the effective application of a high control framework and security measures in the three dimensions rated (confidentiality, integrity and availability).
The innovative security rating service offered by LEET Security provides RSI clients with information about the security measures implemented, as well as its response capacity in case of incident ...
INCIBE (Instituto Nacional de Ciberseguridad) has just published the leet security rating mechanism in the "Make Trustworthy Business" section of its website. This publication entails an analysis by INCIBE of the mechanism's characteristics, which ends with the publication of a summary of the main system characteristics on the website (link).
As a general summary, as stated in the information published by INCIBE, "this labeling / kite mark implies a rating of the provider being reviewed [the one that provides the service rated]. Therefore it is quite important to check the rating of the label. This rating, referring to three dimensions of security, rates from A to E. In this scale, A means a higher security and maturity than E."
From leet security we would like to thank INCIBE for its willingness to add our security labeling mechanism to this section of its website due to the ...
The European Union Agency for Network and Information Security (ENISA), supporting the activities of the EU Cloud Strategy, has published a list of the existing cloud certification schemes (CCSL – Cloud Computing Certification Schemes List). This initiative will help potential cloud users decide on the security of different cloud solutions. The list was developed by ENISA in close collaboration with the European Commission and the private sector (EC Certification Selected Industry Group).
CCSL gives an overview of different existing certification schemes which could be relevant for cloud computing customers. CCSL also shows which are the main characteristics of each certification scheme. For example, CCSL answers questions like "who issues ...
eVicertia understands the importance of providing transparency about the security it implements in its services and, for that reason, it has relied on the leet security rating system to label the security of all its services.
eVicertia (Evidencias Certificadas, SL), in its continuous efforts in security, understands that transparency is essential to build trust with its users and, for that reason, it has decided to become the first company to adopt the rating system proposed by leet security, rating agency.
Thanks to this agreement, eVicertia and leet security will work together to verify the applicability of the rating guide to all the certified notification services provided by eVicertia (eviNotice, eviMail, eviSign and eviSMS) and the use of this security labeling system in these services.
Full text of press release (in Spanish) [PDF]
Antonio Ramos, CEO of security rating agency, will participate in the 1st Workshop of Research in ICT Security Technologies organized by AEI Seguridad next November 30th in León (Spain). The title of the paper that our CEO will present at this workshop is "Application of rating models to cloud services security assessments". We hope to see you in León...
Antonio Ramos, CEO of security rating agency, will participate in the first edition of Segurinfo organized by the Usuaria Association in Spain next November 21st at the Palacio de Congresos (Madrid). The conference talks are organized in two tracks, one about security economics and the other about cybersecurity. Our CEO's talk, "Buying security services", will cover the use of security rating to solve asymmetric information issues in ICT services. We will see you there...
Antonio Ramos, CEO of security rating agency, will present the session "Rating cloud services security" at the VISION12 Conference organized by itSMF Spain next November 19th and 20th in Madrid.
At this link you will find the registration page if you are interested in joining us...
Antonio Ramos, CEO of security rating agency and author of the blog Carpe Diem, will be at the 6th Edition of ENISE - Encuentro Internacional de SEguridad de la Información (Information Security International Meeting), which INTECO organizes annually in León (Spain).
Specifically, Antonio Ramos will participate in the session "Security bloggers meeting 2012", which will take place on the 23rd between 18:30 and 20:30.
Full text of the press release [in Spanish]
EuroCloud España, aware of the guarantees demanded by users regarding the security and confidentiality of data stored in the cloud, has signed a collaboration agreement with the ICT services rating agency Leet Security to make it easier for its members to access this trust-building system.
The rating offered by Leet Security for the members of EuroCloud España will be backed by the cloud computing organization and will be available for consultation. In this way, those interested in contracting cloud computing solutions will be able to compare, before contracting a service, the confidentiality, integrity and availability offered by the different providers and choose among them according to their own needs.
The rating system for the contracting of ICT services developed ...
Yesterday, May 29, the official opening of the Móstoles Business Incubator (Vivero de Empresas) took place, attended by the Mayor of Móstoles, Daniel Ortiz (@danielortizesp), and the Minister of Employment and Social Security, Fátima Bañez (@FatimaBanez). After the opening and before the institutional speeches, we were fortunate to receive a visit to our premises in the incubator from the delegation led by the Minister. Here are the videos of the visit:
itSMF España, together with the Universidad Carlos III de Madrid, the Universidad de Oviedo and the Universidad de Extremadura, is organizing on May 28 the Academic ITGSM12: VII International Academic Congress on Information Technology (IT) Governance and Service Management.
The Academic ITGSM12 Congress focuses on asking the academic community and the most innovative companies to share their vision, research and work that can help drive the business community forward in the face of this new challenge. Along these lines, the themes of the congress will be grouped around the latest practices, experiences and research in the governance and service management of information technologies that are key to society and the economy ...
Next Thursday, April 26, at 19:00, we will participate in the conference organized by the Asociación de Titulados Universitarios Oficiales en Informática (ALI) and the Colegio Profesional de Ingenieros Técnicos en Informática de la Comunidad de Madrid (CPITICM) in the Salón de Grados of the Facultad de Informática of the UPM, located on the Campus Sur (Ctra. Valencia, km. 7).
Title: ALI - CPITICM Conference: "ICT security rating"
Venue: Sala de grados, Escuela Universitaria de Informática - Campus Sur UPM (Ctra. Valencia, km. 7 - Madrid)
Start time: 19:00
Date: 2012/04/26
End time: 21:00
The Mayor of Móstoles, who handed over the keys to the offices, highlighted the vocation of the selected entrepreneurs in the search for new sources of employment, ideas related to new technologies and social networks and, in general, projects far removed from the usual productive offering. The Mayor of Móstoles, Daniel Ortiz, highlighted the innovative and pioneering profile of the sectors of the entrepreneurs who will base their businesses in the new Business Incubator. Link to the original news item
If you think your service provider is going to take care of everything, then you have another thing coming. Dark reading - Tech Center: Cloud Security. Jun 03, 2011